International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 25 May 2015

Yonglin Hao, Hongbo Yu
ePrint Report ePrint Report
In this paper, we study the security of two hash function families LSH and SHA-V.

We find that the wide-pipe MD structural LSH hash functions do not apply the traditional feeding forward operation.

This structural weakness enables us to launch free-start collision and pseudo-preimage attacks on full-round LSH hash functions with negligible complexities.

In order to evaluate the quality of the LSH round functions, we launch 14-round boomerang attacks on LSH-512 and LSH-256 hash functions with complexities $2^{308}$ and $2^{242}$ respectively.

We verify the correctness of our boomerang attacks by giving practical 11-round boomerang quartets.

These boomerang results indicate that the round functions of LSH are well designed.

Based on our analysis, we stress that the adoption of the feeding forward operation should be essential to the LSH hash functions despite of their well designed round functions.

The PMD structural SHA-V parallelizes two SHA-1-like streams and each stream processes independent 512-bit message blocks.

This structure enable us to utilize the divide-and-conquer strategy to find preimages and collisions.

Our preimage attack can be applied to full-round SHA-V with time \\& memory complexities $O(2^{80})$.

Our trivial collision attacks also requires $O(2^{80})$ complexities but, utilizing existing results on SHA-1, we can find a SHA-V collision with a time complexity $O(2^{61})$ and a negligible memory complexity.

These results indicate that there are weaknesses in both the structure and the round function of SHA-V.

Expand

Additional news items may be found on the IACR news page.